DETAILED ACTION

Response to Arguments 

1. Applicant's arguments with respect to claims 1, 3-16, 18-25, 27-30 have been
considered but are moot in view of the new ground(s) of rejection. 

Objections: 

2. Claims 8-13 are objected to because of the following informality: they
depended on cancelled claim 2.

Appropriate correction is required.

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1, 3-16, 18-25, 27-30 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Thomas et al. US 20040039827 in view of Lev Ran et al. US 
20040255048. 

Regarding claim 1, Thomas discloses an Application Gateway Module 
suitable for use in a telecommunication system wherein a service network 
authenticates a user and authorizes the user for accessing a service offered by a 
service provider (paragraph [0064]-[0067], authentication and authorization
and where an intermediary server is configured to ensure that access to 
the intranet 160 via the intermediary server), the Application Gateway Module 
arranged for intercepting application messages between the user and the service 
and for identifying said user and said service (paragraph [0259] where an LSP 
service intercepts messages/calls). Thomas discloses means for obtaining 
authorization decision on whether the user is allowed to access the service (Fig. 
3, Authorization and authentications). Thomas discloses the Application 
Gateway Module comprising: means for assigning a service session identifier 
intended to identify those application messages exchanged between the user 
and the service and that belong to a same service delivery authorized for said 
user (paragraph [0075], service session identifier assigned to identify 
messages exchanged). Thomas discloses means for configuring a first
finite-state machine with a number of status intended to identify specific events in
service delivery, the first finite state machine configured to control service 
progression (paragraph [0286] - state machine controlling service 
progression). Thomas discloses means for initiating a specific instance of the 
first finite-state machine, said specific instance being identified by the assigned 
service session identifier (paragraph [0069] and [0286]) and means for 
processing service policies applicable to said specific events and resulting in a 
state transition in the specific instance identified by the assigned service session 
identifier (paragraph [0068] and [0069] where services are processed using a 
processing module and stored and used for session, state or identification
purposes). However, Thomas is silent on activating service policies applicable to 
said specific events. 

Lev Ran teaches activating service policies applicable to said specific 
events (paragraph [0204] and [0459] where policy can be activated in specific 
time range). 

At the time of invention, it would have been obvious to a person of 
ordinary skill in the art to modify the invention of Thomas and add activating 
service policies applicable to said specific events. The motivation would be to 
provide quality of service (paragraph [0003]). 

Regarding claim 15, Thomas discloses telecommunication system 
wherein a service network authenticates a user and authorizes the user for 
accessing a service offered by a service provider (paragraph [0059] and Fig. 1A 
authentication and authorization by system network), the Authorization 
Module arranged for deciding whether a user is allowed to access a service 
(paragraph [0059] where access to the network is permitted after 
successful authentication). Thomas discloses means for receiving a service 
authorization request from an Application Gateway Module (paragraph [0058] - 
service authorization request) and means for returning to the Application 
Gateway Module a response on whether the user is granted access to the 
requested service (paragraph [0059] where access is authenticated and 
permitted therefore a response returned on whether the user is granted
access to the requested service). Thomas discloses the Authorization Module 
comprising: means for generating a service session identifier intended to 
correlate those application messages exchanged between the user and the 
service and that belong to a same service delivery authorized for said user 
(paragraph [0072] - where service session identifier is generated and 
stored). Thomas discloses means for configuring a second finite-state machine 
with a number of status intended to identify specific events in service 
progression, the second finite-state machine usable by the Authorization Module 
to act over the Application Gateway Module to control the service progression 
(paragraph [0286] - state machine controlling service progression) and 
means for initiating a specific instance of the second finite-state machine, said 
specific instance being identified by said service session identifier (paragraph 
[0069]) and means for processing service policies applicable to said specific 
events and resulting in a state transition in the specific instance identified by the 
assigned service session identifier (paragraph [0068] and [0069] where services 
are processed using a processing module and stored and used for session, state 
or identification purposes). However, Thomas is silent on activating service 
policies applicable to said specific events. 

Lev Ran teaches determining service policies applicable to said specific 
events (paragraph [0204] and [0459] where policy can be activated in specific 
time range). 

At the time of invention, it would have been obvious to a person of
ordinary skill in the art to modify the invention of Thomas and add determining 
service policies applicable to said specific events. The motivation would be to 
provide quality of service (paragraph [0003]). 

Regarding claim 25, Thomas discloses a method for authorizing a user of 
a service network to access a service offered by a service server of a service 
provider, the user already authenticated by the service network, the server 
arranged to deliver a service that comprises a plurality of transactions by 
exchanging a plurality of application messages with the user (paragraph [0059] 
and Fig. 1A authentication and authorization by system network), the 
method comprising the steps of: obtaining a first authorization decision on 
whether the user is allowed to access the service (Fig. 3, Authorization and 
authentications). Thomas discloses generating and assigning a service session 
identifier intended to identify those application messages exchanged between the 
user and the service and that belong to a same service delivery authorized for 
said user (paragraph [0075], service session identifier assigned to identify 
messages exchanged). Thomas discloses at least one finite-state machine with a
number of status intended to identify specific events in service delivery, the
finite-state machine usable for controlling service progression (paragraph [0286] 
- state machine controlling service progression). Thomas discloses initiating 
a specific instance of the at least one finite-state machine, said specific instance 
being identified by the assigned service session identifier (paragraph [0069] and
[0286]) and processing service policies applicable to said specific events and 
resulting in a state transition in the specific instance identified by the assigned 
service session identifier (paragraph [0068] and [0069] where services are 
processed using a processing module and stored and used for session, state or 
identification purposes). However, Thomas is silent on activating service policies 
applicable to said specific events. 

Lev Ran teaches activating service policies applicable to said specific 
events (paragraph [0204] and [0459] where policy can be activated in specific 
time range). 

At the time of invention, it would have been obvious to a person of 
ordinary skill in the art to modify the invention of Thomas and add activating 
service policies applicable to said specific events. The motivation would be to 
provide quality of service (paragraph [0003]). 

Regarding claim 3, Thomas discloses wherein the means for activating 
service policies include means for setting at least one element selected from a 
non-exhaustive list of references and attributes that comprises: a number of 
message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to 
supervise (paragraph [0438] where flow timer is run). 

Regarding claim 4, Thomas discloses wherein the means for activating
service policies include means for activating a global service policy 
independently of any service delivery in progress (paragraph [0013]).

Regarding claim 5, Thomas discloses wherein the means for activating 
service policies include means for initiating an instance of a global service policy 
to apply as an individual service policy within a specific instance of the first
finite-state machine, the individual service policy inheriting references and attributes
from the global service policy (paragraph [0438]). 

Regarding claim 6, Thomas discloses further comprising means for 
overwriting references and attributes of an individual service policy with new 
references and attributes during a service progression handled within a specific 
instance of the first finite-state machine (paragraph [0101]).

Regarding claim 7, Thomas discloses wherein a particular state is 
associated with a number of individual service policies within a specific instance 
of the first finite-state machine, said instance identified by a given service session 
identifier (paragraph [0069]). 

Regarding claim 8, Thomas discloses wherein the means for obtaining an 
authorization decision include means for requesting a service authorization from 
an Authorization Module (paragraph [0067] where processing modules
include an authentication manager). 

Regarding claim 9, Thomas discloses wherein the means for activating 
service policies include means for receiving from the Authorization Module at 
least one element applicable to set a service policy, the element selected from a 
non-exhaustive list of references and attributes that comprises: a number of 
message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to 
supervise (paragraph [0438]). 

Regarding claim 10, Thomas discloses wherein the means for activating 
service policies includes means for receiving a global service policy from the 
Authorization Module (paragraph [0058] and [0438]). 

Regarding claim 11, Lev Ran teaches means for receiving references and
attributes from the Authorization Module applicable to overwrite an individual 
service policy with new references and attributes during a service progression 
handled within a specific instance of the first finite-state machine (paragraph 
[0073]). 

Regarding claim 12, Thomas discloses means for notifying to the
Authorization Module a specific event in service progression (paragraph [0058]). 

Regarding claim 13, Thomas discloses means for requesting from the 
Authorization Module a further processing to determine an appropriate action to 
go on with the service progression (see Fig. 8A and Fig. 8B). 

Regarding claim 14, Thomas discloses means for receiving from the 
Authorization Module an instruction selected from: access granted without 
restriction, another service to substitute a previous service requested, forced log 
out, and indication of a state transition (see abstract). 

Regarding claim 16, Thomas discloses wherein the means for generating 
a service session identifier comprise means for including said service session 
identifier in the response to be returned to the Application Gateway Module on 
whether the user is granted access to the requested service (paragraph [0009] -
providing secure access to resources maintained on private networks).

Regarding claim 18, Thomas discloses wherein a particular state is 
associated with a number of service policies within a specific instance of the 
second finite-state machine, said instance identified by a given service session
identifier (paragraph [0069]). 

Regarding claim 19, the combination of above discloses wherein the
means for determining service policies comprise means for including in the 
response towards the Application Gateway Module at least one information 
element to activate a service policy within a specific state in the Application 
Gateway Module, said at least one information element selected from a
non-exhaustive list of references and attributes that comprises: a number of message
field values to match and a set of actions to carry out on matching a given 
message field value and a number of new timer values to run; and - a number of 
transactions to supervise (see above). 

Regarding claim 20, Lev Ran teaches wherein the means for including in 
the response towards the Application Gateway Module at least one information 
element to activate a service policy include means for indicating that this is a 
global service policy to apply independently of any service delivery in progress 
(paragraph [0016]). 

Regarding claim 21, Lev Ran teaches means for receiving a notification,
from an Application Gateway Module indicating a specific event detected in 
service progression (paragraph [0011]). 

Regarding claim 22, Lev Ran teaches means for receiving a request, from
an Application Gateway Module, asking for an instruction to proceed with a 
service progression (paragraph [0142]). 

Regarding claim 23, Thomas discloses means for sending towards the 
Application Gateway Module an instruction selected from: access granted without 
restriction, another service to substitute a previous service requested, forced 
logout, and indication of a state transition (paragraph [0009]). 

Regarding claim 24, Thomas discloses a number of application servers 
and provisioning systems, the application message including a given service 
session identifier intended to identify a specific instance of the second finite-state 
machine in the Authorization Module (paragraph [0069]). 

Regarding claim 27, Thomas discloses wherein a particular state within 
the specific instance of the at least one finite-state machine is associated with a 
number of service policies (paragraph [0069]). 

Regarding claim 28, Thomas discloses wherein the step of activating 
service policies includes a step of setting at least one element selected from a 
non-exhaustive list of references and attributes that comprises: a number of 
message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to
supervise (paragraph [0438] where flow timer is run). 

Regarding claim 29, Thomas discloses a step of receiving at the service 
network an application message originated at an entity selected from: a number 
of service servers of a service provider and a number of entities of a provisioning 
system, the application message including a given service session identifier 
intended to identify a specific instance of the at least one finite-state machine 
(paragraph [0069]). 

Regarding claim 30, the combination of above discloses wherein the step 
of configuring at least one finite-state machine further comprises configuring a 
first finite-state machine in an Application Gateway Module and configuring a
second finite-state machine in an Authorization Module (see above). 

Conclusion 

1. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

2. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Amanuel Lebassi, whose telephone number is (571) 
270-5303. The Examiner can normally be reached on Monday-Thursday from 8:00am to 
5:00pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Nick Corsaro, can be reached at (571) 272-7876. The fax phone number for
the organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business
Center (EBC) at 866-217-9197 (toll-free) or 703-305-3028. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist/customer service whose telephone 
number is (571) 272-2600.

Amanuel Lebassi 
04/20/2010 



/NICKCORSARO/ 

Supervisory Patent Examiner, Art Unit 2617 



